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PERMISSION BASED DATA EXCHANGE 

CROSS-REFERENCE TO RELATED PATENT APPLICATION 

This application claims priority from United States Provisional Application Serial 
Number 60/225,689 that was filed on August 16, 2000. The disclosure of Serial Number 
60/225,689 is incorporated by reference in its entirety herein. 

BACKGROUND 

1. Field of Invention 

This invention relates to the management of private information on a computer 
network. More particularly, the management of proprietary personal or business private 
information via a third-party server. 

2. Description of Related Art 

Private customer and proprietary business information has become one of the 
most sought after commodities in the Internet marketplace. The interactive nature of the 
Internet is fundamentally changing the way business is done. Businesses are moving from 
a product-centric world to one that is customer-centric and information-centric. 
Businesses increasingly compete on their ability to uncover and listen to individual 
customers and partners and provide superior service and specifically targeted offerings. 
One key to succeeding in this customer-centric marketplace is the ability of a company to 
tailor its efforts to a specific customer 

Currently, the management of private personal and business information on the 
Internet is handled in a myriad of ways. Some are very open and require the user to 
consent while others are less obvious and collect information without the users 
knowledge. For example, when making a purchase on the Internet, a customer is usually 
required to enter in relevant information such as name, address, and method of payment. 
This is one example of a consensual and open exchange of information. In contrast, 
some parties attempt to gather personal information from an Internet user by tracking the 
usage of the user and generating a profile. In many cases, the tracking is done without 



the users knowledge or permission. If the user wishes to stop this tracking, she must 
"opt-out" by notifying the tracker to stop. 

However, many customers would still like to receive information that is tailored 
to their needs while not sacrificing their privacy or being tracked without their 
knowledge. Providing information directly to a third party, as mentioned above, seems to 
satisfy these goals. This method can be inefficient though because users usually only 
enter data when making a purchase or registering for a service. Additionally, security 
concerns are usually not addressed because in many instances a user's personal data is 
sold or transferred to other parties. Moreover, the information provided to one party may 
not be appropriate for another party resulting in inaccurate user profiles. Usage tracking 
may be more efficient due to its constant monitoring, however it is severely crippled by 
its inability to effectively classify a user and most consumers react very negatively to 
being tracked without permission. 

In addition to the above concerns, the Federal Trade Commission recently enacted 
the Children's Online Privacy Protection Act (COPPA) which is directed toward 
protecting the privacy of children on the Internet. This Act further complicates the 

collection of information and is indicative of a need for permission based services. 

Additional concerns relating to privacy and security over networks arise in the 

context of industrial data sharing. Many companies rely heavily on partnerships to 

effectively compete in such a diverse technological marketplace. Partnerships can 

crumble however if information cannot be effectively shared. 

There exists therefore a need for an efficient method of providing a party with 

accurate information of a network user while protecting the privacy of the user and the 

security of the data. 

SUMMARY OF THE INVENTION 

Accordingly, it is an object of the invention to provide a secure method of 
providing accurate data to a network user about a second network user or a customer. A 
host receives a request for access from a requester and transmits the request to an 
authority. Pursuant to the authority's response, the host either provides or denies the 



requester with access. In one embodiment, access is granted by providing the requester 
with a password. 

It is a feature of the invention that in one embodiment (1) the user can be a child, 
(2) the data can be whether the child can access a website accessible via a URL (Uniform 
Resource Locator), and (3) the data is provided by the parent of the child. It is a further 
feature of the invention that the data is stored by a trusted third party. Still further 
features of the invention are that the data can be customized and its transmission can be 
controlled by the user or in the alternative, someone in authority over the user such as a 
parent. 

It is an advantage of the invention that a web site operator can efficiently obtain 
the consent of a parent to provide information to a child and to collect information from 
that child. It is a further advantage that personal or private information about an Internet 
user can be transmitted to a third party with the permission of the provider of the 
information. 

In accordance with one embodiment of the invention there is provided a method 
of providing permission to a web site to transmit data to a child. A web site accessible 
via a URL receives a request for access from a child. The site then transmits the request 
to an authority database. The authority database receives the request and transmits a 
response from the site to either (1) grant, or (2) deny access to the child. 

In accordance with a second aspect of the invention there is provided a method of 
creating and maintaining a vendor account on behalf of an individual entity through the 
use of a third-party server accessible via the Internet. An individual registers personal 
information with a Permission Based Information Exchange (PCIX) server and a cookie 
is stored on the individual's computer. The individual visits a PCIX registered vendor's 
web site and the web site accesses the cookie to identify the individual as a PCIX 
customer. If the vendor wishes to access customer information it can send a request to 
the PCIX server. The PCIX server would then notify the individual that a request has 
been made by this vendor and ask for authorization to send the information. The 
individual can then respond to the request and, without limitation, (1) have the 
information transmitted to the vendor; (2) have specific information transmitted to the 
vendor; or (3) have no information transmitted to the vendor. 



It is a feature of the invention that a PCIX meta-directory can be created to allow 
different entities to map their information to all vendors. The meta-directory maps all 
information to create a single point of contact for web vendors. Vendors will only need 
to sign up with the directory to access all third-party services. 
5 It is an advantage of the invention that users who register their personal 

information can "opt-in" to sharing their personal information only with those sites which 
the user authorizes. 

In accordance with a third embodiment of the invention there is provided a 
permission based method for providing an individual from one organization with 
10 information about an individual from a partner organization. At least a first partner and a 
second partner provide employee information to a PCIX server. The PCIX server creates 
a matrix of the two sets of employee information and input the matrix into a meta- 
! jS directory. Based on a request for information from the meta-directory, the requester is 
; ^ provided with a response that is dynamically mapped from the matrix and other subsets 
13 15 of the meta-directory. The partner companies could pre-authorize some or all of the 

transmission of data to requesters or in the alternative, require authorization on a case by 
*0 case basis. 

□ In one aspect of this embodiment, two or more companies contribute salesperson 

J y information to a PCIX server. The PCIX server compiles a matrix of the information and 

! I! 20 inputs that information into a meta-directory that could links salespeople across each 
\% company based on a desired function or capability. One such match could be where two 

salespeople from different companies both sell their respective service to a common 
customer. The meta-directory would also store communications between the salespeople 
and track any referrals. 
25 Additionally, the PCIX server can be programmed to handle requests for 

information in different ways. One example would be to prompt a requester for 
additional information and allow the sender or receiver to route requests to additional 
infomediaries. It would also be possible to attach additional content to these 
communications. 



4 



It is a feature of the invention that individual companies can require requests to 
conform to a predetermined form and if deficient, either deny access to the information or 
request more information from the requester. 

It is an advantage of the invention that an employee in one organization can 
rapidly locate the appropriate employee in a partner company. It is a further advantage of 
the invention that the PCIX meta-directory structure provides a secure and reliable third- 
party authorization platform. It is a further advantage of the invention that the PCIX 
meta-directory structure enables a specific method of communicating information 
between parties and while adding that information to the meta-directory. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 illustrates a generic authorization. 
Figure 2 illustrates a child request authorization. 
Figure 3 displays a child's subscription. 

Figure 4 illustrates in flow chart format an example of a PCIX transaction. 
Figure 5 illustrates a multi-company PCIX transaction. 

DETAILED DESCRIPTION 

With reference to Figure 1 a requester 2 requests 4 information from a host 6. 
Host 6 receives request 4 and transmits 8 request 4 to authority database server 10. 
Database authority 10 communicates 18 request 4 to authorization party 20. 
Authorization party 20 communicates 16 authorization or denial to database authority 10. 
If authorization is communicated, database authority transmits either (1) a signal 22 to 
host 6 to provide information or (2) a signal 14 to requester 2 which includes a key, such 
as a password, to access the requested information from host 6. If authorization is 
denied, database authority 10 transmits a signal 22' to host 6 to withhold information or a 
signal 14' to requester 2 indicating that access is forbidden. 

In an alternative embodiment, authorization party 20 provides a list of authorized 
and unauthorized locations to database authority 10. Database authority 10 stores this list 
and responds to host 6 request 8 based on the list without contacting authorization party 
20. 



Host 6 and servers outlined in other embodiments are typically a computer, more 
specifically a web server, located on the Internet or within a network of computers such 
as a Local Area Network (LAN) or a Wide Area Network (WAN). Host 6 and database 
server 10 server are typically connected to the Internet or the computer network via high- 
speed connections such as a Tl line. Requester 2 locates host 6 via an Internet Protocol 
(IP) address or other computer network address assigned to host 6. Requester 6 can have 
a fixed IP address on the network or be a user who is dynamically assigned an IP address 
when logged in to the network. Database authority 10 is also a computer located on the 
computer network and is also assigned an IP address or other network address. Authority 
20 is accessible via the computer network and communication between the parties is 
typically accomplished via Transmission Control Protocol/Internet Protocol (TCP/IP) and 
can be encrypted into cypher text. Common encryption schemes utilize 128 binary digit 
(bit) encryption but greater or lesser encryption schemes can be used. Other 
communication methods effective to transmit data over a computer network are equally 
appropriate. 

With reference to Figure 2, a child 24 accesses 26 a vendor website 28 and 
requests to register. Vendor website 28 transmits 32 request to a third-party server 40 
such as followup.net. Third-party server 40 notifies 38 parent 42 of child 24 that child 24 
wishes to register at vendor website 28. Parent 42 then transmits 36 a grant or denial of 
permission to third party server 40. If parent 42 grants permission, third-party server 40 
communicates 32 to vendor 28 that child is permitted to register and or sends a key 34 
such as a password to child 24 to register at vendor website 28. If parent 42 denies 
permission, server 40 notifies vendor website 28 that child cannot register and or notifies 
34 child 24 that he or she cannot register. 

Figure 3 is a graphical illustration of a subscription process for a child to gain 
access to information or send information to a web site. A first pop up question box 44 is 
displayed when a user attemps to gain access to information that requires parental 
permission if the user is under the age of 13 or to send personal information. Selecting 
"no" button 82 allows the user to access the requested information or to send personal 
information to the site. Selecting "yes" button 84 launches a second pop up box 46. 
Second pop up box 46 prompts the user for his or her e-mail address 78 and the e-mail 



address of the child's parent 80. After filling in these the child selects send button 86 to 
continue or cancel button 88 to cancel the transaction. If the child selects send button 86, 
an e-mail 50 is sent to the parent notifying it that the child would like to access 
information on the site or send information to the site. The parent can then fill out a third 
pop up box 56 filling in without limitation (1) the parent's name and (2) the relationship 
to the child if not the parent. By selecting the yes button 90, the child would be granted 
permission via e-mail 52 to access the site or send information to the site 48. By 
selecting no button 92, the child would be notified via e-mail 58 that permission to access 
the information or send information is forbidden. Selecting cancel button 94 would also 
result in the authorization being denied by no action. 

Figure 4 is a graphical illustration in flow chart format of a PCIX transaction. A 
customer 60 registers personal information without limitation, (1) name, (2) address, (3) 
credit card information, (4) age, (5) occupation, (6) salary, (7) marital status, (8) number 
and ages of children, (9) brand preferences, (10) purchasing habits, (1 1) medical history, 
(12) delivery instructions, (13) contact information, and (14) travel preferences with a 
PCIX server 66. PCIX server 66 creates a profile of customer 60 and stores it in a PCIX 
meta directory 64 and transmits a cookie to customer's 60 computer. Customer 60 
accesses a vendor's 62 web site and the vendor is alerted by the PCIX cookie that 
customer 60 is a PCIX member. Vendor 62 can then request personal information 
located in the PCIX meta directory 64 from PCIX server 66 about customer 60. The 
PCIX server notifies customer 60 that an information request has been sent from vendor 
62 and customer 60 can then decide whether to allow the PCIX server to transmit the 
requested information to vendor 62. 

Figure 5 is an illustration of a multi-company matrix and meta-directory system. 
Companies 96, 98 and 100 transmit an employee characteristic list including without 
limitation (1) employee name, (2) employee position, (3) sales territory, (4) current 
customers, and (5) prospective customers to a third-party meta-directory 124. Meta- 
directory 124 compiles a matrix listing that relates employees from one company to 
employees of at least a second company by common position, customer, territory or other 
relevant variable. A salesperson 110 could access meta-directory 124 to find a suitable 
partner from at least a second company. Companies 96, 98, and 100 would have full 



control over the transmission of the information it provided. In another embodiment, 
companies 96, 98, and 100 would pre-authorize the transmission of information. 

It is apparent that there has been provided a method for a requester to gain 
access to desired location that fully satisfies the objects, means and advantages set forth 
hereinbefore. While the invention has been described in combination with specific 
embodiments and examples thereof, it is evident that many alternatives, modifications 
and variations will be apparent to those skilled in the art in light of the foregoing 
description. Accordingly, it is intended to embrace all such alternatives, modifications 
and variations as fall within the spirit and broad scope of the appended claims. 
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AllianceTrakker 



1. Organize the Sales Contact Matrix 

Alliance Partners mutually agree on common customers and control 
a map of each to the appropriate sales contact at each partner. 
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✓ Email delivery of a customized matrix of \ 
* accounts and contacts to each salesperson. 
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3. Communicate Opportunities and Build Relationships 

To Initiate communication regarding a specific account, the salesperson simply 
checks a box corresponding to the account and the partner. The leadjssent to the 
appropriate contact at the receiving partner. The lead can be routed through a 
Contact person or "gatekeeper- by either the sending or receiving company. 



Educate Partner* Qualify Leads 

AliianceTrakker can automatically email the The receiving partner can 

sender the appropriate product Information automatically ask the sender to 

as ruled by the qualification survey. complete a customer needs survey 



Follow Up on Leads Report on Activity 

Leads can be updated, confirmed and AllianceTrakker provWesa ***** 

ataes^d for v^ue automatically or activity tracking and 
rranuaUy, by any of the parties involved. account, territory, or salesperson 



For more information contact: 
FollowUp@Fo!IOWUp.Net; (203)226-5853x118 
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AllianceTrakker 

Increase the Productivity of Strategic Alliances 



AllianceTVakker generates more sales leads from your network of alliance partners. 

• Raise your sales team's visibility in the marketplace 

• Avoid missing credit for referrals 

• Build one-to-one, "street level" relationships throughout your partner network 

• Strengthen your alliances through a common lead management platform 

AllianceTrakker Features: 

• Maximizes an existing "opportunity network" close to potential customers 

• Improves processing of incoming and outgoing sales leads 

• Opalines leads automatically 

• Routes and forwards leads 

• Educates inquiring partners with product and sales information 

• Tracks and reports on activity by partner, account, salesperson or product 

• Follows up to determine outcomes and lead value 

• Delivered to the desktop via email and the web, requiring no software or user 

atible with current business practices and processes 




nts and sales contacts for each 
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ly visible to appropriate personnel, 
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For more information, contact: 
(203)226-5853x118 
sales@followup.net 

©2001. FollowUp.Net revision 050801 
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ReferralTrakker , PartnerTrakker and AllianceTrakker are a method and system 
for creating and deploying a computer-based, third party, mufti-company meta- 
directory to allow businesses to enable, access! control and record 
communications between their salespeople. The invention allows companies who 
contribute to meta-directory to provide salesperson and account information to 
each other for business-to-business purposes such as discovering related 
business contacts and communicating new business opportunities or to improve 
customer service. 



ReferralTrakker Network Claim 

I . Company A contributes salesperson and client list (prospective or 
existing) and other company-specific information (such as salesperson 
profiles and partner lists) to FoilowUp/ReferrafFrakker meta-directory 

2- Company B contributes salesperson and client list (prospective or 
existing) and other company-specific information (such as salesperson 
profiles and partner fists) to FollowUp/ReferraiTrakker meta-directory 

3. Company C contributes salesperson and client list (prospective or 
existing) and other company-specific information (such as salesperson 
profiles and partner lists) to FoHowUp/ReferralTrakker meta-directory 

4. FollowUp.Net creates a matrix listing that relates each company's 
salespeople by their common accounts by matching up accounts by 
name, territory, etc. using computer assistance for comparing and relating 
company names, 

5. In addition to Matrix listing, FollowUp.Net may also be programmed to 
handle requests in different ways, such as (prompt for additional 
information if desired, allow sender or receiver to route requests to 
additional intermediaries.) And it may include attaching additional content 
to communications. 

6. Each participating company controls display of and access to 
information by others and the handling of information as it travels through 
the system. 

7. FollowUp,Net acts as computer agent / slave server for companies by 
distributes or makes list available online 

8. Individual salespeople (at company A) use their computers to discover 
their counter parties by common account, 

9. Individual salesperson (at company A) who wishes to communicate with 
an identified salesperson at company B requests that FollowUp.Net (third 
party communication) send a communication to the counter party, on 
behalf of the requester 

1 0. FollowUp.Net may be programmed (on behalf of company B) to ask 
requester at company A for additional information before forwarding the 
request to appropriate person at company B (qualification survey) 

I I . FollowUp.Net may be programmed by sending or receiving companies to 
add information to (such as additional information submitted upon request 



This Information is Proprietary and Confidential 
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Addendum to PCIX-Oriented Business Patent Notes 



or pre-stored information), forward or copy communication to others in the 
process. 

12, FollowUp.Net provides response mechanism either pre-programmed or 
manually by individual communication 

13. FollowUp.Net enables the tracking of communication 

14. FollowUp.Net can send an online inquiry to one or the other side 
requesting status updates of the object of communication 

15, FollowUp.Net provides activity reports to both sides' computers 



Company A 



List 



Company B 



Company C 



List 1* 



List i0° 




fa* 



1 . Contribute and control lists and information 

2. Search for and Discover counter party 

3. Request or send information to counterparty 

4. Prompted by FollowUp for more information 

5. Procces by FollowUp and record 

6. Forward information to counterparty 

7. FollowUp with either or both sides to determine status 



This Information is Proprietary and Confidential 
l J oJIowUp,Ncij LLC 8/13/01 
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AllianceTrakker "Program Rules" 



FollowUp.Net's sold focus is on improving the relationships between the 
participants on the network. Our success will be measured by enabling 
participants to create a sustainable competitive advantage and realize additional 
revenues. As such, we will do nothing that is not in the best interests of our 
clients and these goals. FollowUp will ensure that partners have complete control 
of their information and confidentiality on the network. 



# 1: Participants are committed to fostering direct, mutually beneficial person- 
to-person communication on a client-specific basis. 

Only sates contacts who are listed as covering accounts wilt be able to 
initiate or receive information from their alliance partners regarding those 
accounts. 



#2: Partners control the visibility and accessibility of al) information. 

Partners only put the accounts, salespeople and contacts that they want 
others to see on the network. In addition, only account "matches" will be 
visible to the alliance partners. I.E. if participant "A" lists account AcmeCo 
while participant does not list AcmeCo, then participant will not see 
that account listed (under participant "A") in their contact matrix. 



FollowUp will maintain a strict neutrality and confidentiality. 

FollowUp will implement and maintaining the sales contact/account matrix 
and operate the network as a neutral third party for the benefit of all 
participants. FollowUp will keep aB partner, account and salesperson 
information specifically confidential to the partners contributing the 
information. FollowUp will not use that information in any way, 
whatsoever. Any partner can decline to participate at any lime and all 
information will be returned to the partner who contributed it upon request. 
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Alliance Partner FollowUp Program 
Participant Classifications 



Tier One Partner 

FollowUp clients who are paying members who enjoy the full range of network 
features and services and can use the network to send or receive sales leads 
and communications with Tier two or Tier Three partners (i.e. a Tier one partner 
can bring non-paying partners.) FollowUp: 

• Provides and maintains the account/salesperson/partner matrix on their 
behalf 

• Enables the participant to initiate communication across the network 

• Provides additional features such as: 

o Automatic qualification surveys 

o Lead routing 

o Step-by-step tracking 

o Lead follow up ("closed" and "open" loop) 

• Activity, Status, and other reports by partner, product, territory, etc. 



Tier Two Partner 

Network participants who have been brought in by a Tier One partner and who 
pay for additional features and services of the network beyond the base Tier 
Three receive-only level: 

• Activity reports for managers 

• Gatekeeper routing 

• List management 

• Partnership environmental overview 



Tier Three Partner 

Network partners whose participation is sponsored by paying members and are 
limited to "receive-only" from Tier One partners. No reports or additional services. 
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Permission Based Data Exchange 
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Child begins subscription process 
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To: [Child's email] 
From: [Site.com] 
Subject: Permission Request 

We have received your parent 1 ^ permission to 
participate in [site.com]. 

Please click below to sign up; 
http://www.site.corn/registratioh 



To: [Parent's email] 
From: [Site.com] 
Subject: Permission Request 

[child's email address] would like to participate in 
[site.com]. Federal law requires parental permissionj 
children under the age of 13 to provide inforrnatigpKor 
participate in... 

Click here to grant or deny permission? 
http://www.ChildTracker.net/siteref 





ChildTracker ' is a product of 
FollowUp.Net 



email] 
From: [Site.com] 
Subject: Permission Request 

We have received response from your parent denying 
permission to participate in [site.com]. 

We're sorry! 
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The ChildTracker is the easiest way to receive parental permission, to collect information 
from children and comply with the Children's Online Privacy Protection Act (COPPA) 



ChildTracker: 

• Requests and validates permission slips to and from parents and children. 

• Gives parents access to their children's information. 

• Has a survey component to easily capture client-specific feedback. 

• Provides a flexible means to manage the customer relationship. 

How ChildTracker Works 

J 5 . A pop-up survey will request a parent's e-mail address where information is to be collected. 

ChildTracker net will e-mail the parent a registration form for your site. This includes: 

ifl a. The name of your company, including all relevant contact information 

M b. What the information collected will be used for 

l§ c. A link to your company's privacy statement 

\^ d. Whether the information collected with be shared with or sold to a third party 

; J e. Credit card validation if information will be shared with a third party 




ill . After the parent returns the ChildTracker request for permission, the response is recorded in 
i f ur database. All res|ffiQnm§, from parents are collected, and ChildTracker will send you an 



collected by your site on their children, and 
land maintain the information, and provide these 
^feine the access and review process. 



dure and integrate feedback into the 
1 provides an easy means for 
jtal market research, increasing the 



jfor More information Contact 
pan Mack, amack@folIowup.net 
|203)226-5853 x47 
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TITLE XIII -CHILDREN'S ONLINE PRIVACY 
PROTECTION 

SEC. 130L SHORT TITLE. 

This title may be cited as the "Children's Online Privacy Protection Act of 1998'. 

SEC. 1302. DEFINITIONS. 
In this title: 

(1) Child: The term "child 1 means an individual under the age of 13. 

(2) Operator: The term "operator 1 -- 

(A) means any person who operates a website located on the Internet or an online service and 
who collects or maintains personal information from or about the users of or visitors to such 
website or online service, or on whose behalf such information is collected or maintained, where 
such website or online service is operated for commercial purposes, including any person 
offering products or services for sale through that website or online service, involving commerce- 

(i) among the several States or with 1 or more foreign nations; 

(ii) in any territory of the United States or in the District of Columbia, or between any such 
territory and— 
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(I) another such territory; or 

(II) any State or foreign nation; or 

(iii) between the District of Columbia and any State, territory, or foreign nation; but 

(B) does not include any nonprofit entity that would otherwise be exempt from coverage under 
section 5 of the Federal Trade Commission Act (15 U.S.C 45). 

(3) Commission: The term "Commission' means the Federal Trade Commission. 

(4) Disclosure: The term "disclosure 1 means, with respect to personal information- 

(A) the release of personal information collected from a child in identifiable form by an operator 
for any purpose, except where such information is provided to a person other than the operator 
who provides support for the internal operations of the website and does not disclose or use that 
information for any other purpose; and 

(B) making personal information collected from a child by a website or online service directed to 
children or with actual knowledge that such information was collected from a child, publicly 
available in identifiable form, by any means including by a public posting, through the Internet, 
or through- 

(i) a home page of a website; 

(ii) a pen pal service; 

(iii) an electronic mail service; 

(iv) a message board; or 

(v) a chat room. 

(5) Federal agency: The term "Federal agency* means an agency, as that term is defined in 
section 55 1 (1 ) of title 5, United States Code. 

6) Internet: The term "Internet* means collectively the myriad of computer and 
telecommunications facilities, including equipment and operating software, which comprise the 
interconnected world-wide network of networks that employ the Transmission Control 
Protocol/Internet Protocol, or any predecessor or successor protocols to such protocol, to 
communicate information of all kinds by wire or radio. 

(7) Parent: The term "parent 1 includes a legal guardian. 
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(8) Personal information: The term "personal information* means individually identifiable 
information about an individual collected online, including- 

(A) a first and last name; 

(B) a home or other physical address including street name and name of a city or town; 

(C) an e-mail address; 

(D) a telephone number, 

(E) a Social Security number, 

(F) any other identifier that the Commission deteimines permits the physical or online contacting 
of a specific individual; or 

(G) information concerning the child or the parents of that child that the website collects online 
from the child and combines with an identifier described in this paragraph, 

(9) Verifiable parental consent* The term 'verifiable parental consent' means any reasonable 
effort (taking into consideration available technology), including a request for authorization for 
future collection, use, and disclosure described in the notice, to ensure that a parent of a child 
receives notice of the operator's personal information collection, use, and disclosure practices, 
and authorizes the collection, use, and disclosure, as applicable, of personal information and the 
subsequent use of that information before that information is collected from that child. 

(10) Website or online service directed to children: 

(A) In general: The term "website or online service directed to children' means- 
(i) a commercial website or online service that is targeted to children; or 

(11) that portion of a commercial website or online service that is targeted to children. 

(B) limitation: A commercial website or online service* or a portion of a commercfal website or 
online service, shall not be deemed directed to children solely for referring or linking to a 
commercial website or online service directed to children by using information location tools, 
including a directory, index, reference, pointer, or hypertext link. 

(11) Person: The term "person* means any individual, partnership, corporation, trust, estate, 
cooperative, association, or other entity. 

(12) Online contact information: The term "online contact information' means an e-mail 
address or another substantially similar identifier that permits direct contact with a person online. 
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SEC. 1303. REGULATION OF UNFAIR AND DECEPTIVE ACTS AND PRACTICES IN 
CONNECTION WITH THE COLLECTION AND USE OF PERSONAL INFORMATION 
FROM AND ABOUT CHILDREN ON THE INTERNET. 

(a) Acts Prohibited: 

(1) In general: It is unlawful for an operator of a website or online service directed to children, 
or any operator that has actual knowledge that it is collecting personal information from a child, 
to collect personal information from a child in a manner that violates the regulations prescribed 
under subsection (b). 

(2) Disclosure to parent protected: Notwithstanding paragraph (1), neithet an operator of such 
a website or online service nor the operator's agent shall be held to be liable under any Federal or 
State law for any disclosure made in good faith and following reasonable procedures in 
responding to a request for disclosure of personal information under subsection (b)(l)(B)(iii) to 
die parent of a child. 

(b) Regulations: 

(1) In general: Not later than 1 year after the date of the enactment of this Act, the Commission 
shall promulgate under section 553 of tide 5, United States Code, regulations that- 

(A) require the operator of any website or online service directed to children that collects 
personal information from children or the operator of a website or online service that has actual 
knowledge that it is collecting personal information from a child- 

(i) to provide notice on the website of what information is collected from children by the 
operator, how the operator uses such information, and the operator's disclosure practices for such 
information; and 

(ii) to obtain verifiable parental consent for the collection, use, or disclosure of personal 
information from children; 

(B) require the operator to provide, upon request of a parent under this subparagrapiTwhose child 
has provided personal information to that website or online service, upon proper identification of 
that parent, to such parent— 

(i) a description of the specific types of personal information collected from the child by that 
operator; 

(ii) the opportunity at any time to refuse to permit the operator's further use or maintenance in 
retrievable form, or future online collection, of personal information from that child; and 
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(iii) notwithstanding any other provision of law, a means that is reasonable under the 
circumstances for the parent to obtain any personal information collected from that child; 

(C) prohibit conditioning a child's participation in a game, the offering of a prize, or another 
activity on the child disclosing more personal information than is reasonably necessary to 
participate in such activity; and 

(D) require the operator of such a website or online service to establish and maintain reasonable 
procedures to protect the confidentiality, security, and integrity of personal information collected 
from children. 

(2) When consent not required: The regulations shall provide that verifiable parental consent 
under paragraph (l)(A)(ii) is not required in the case of- 

(A) online contact information collected from a child that is used only to respond directly on a 
one-time basis to a specific request from the child and is not used to recontact the child and is not 
maintained in retrievable form by the operator; 

(B) a request for the name or online contact information of a parent or child that is used for the 
sole purpose of obtaining parental consent or providing notice under this section and where such 
infonnation is not maintained in retrievable form by the operator if parental consent is not 
obtained after a reasonable time; 

(C) online contact infonnation collected from a child that is used only to respond more than once 
directly to a specific request from the child and is not used to recontact the child beyond the 
scope of that request— 

(i) if, before any additional response after the initial response to the child, the operator uses 
reasonable efforts to provide a parent notice of the online contact infonnation collected from the 
child, the purposes for which it is to be used, and an opportunity for the parent to request that the 
operator make no further use of the information and that it not be maintained in retrievable form; 
or 

(ii) without notice to the parent in such circumstances as the Commission may determine are 
appropriate, taking into consideration the benefits to the child of access to information and 
services, and risks to the security and privacy of the child, in regulations promulgated under this 
subsection; 

(D) the name of the child and online contact information (to the extent reasonably necessary to 
protect the safety of a child participant on the site)- 

(i) used only for the purpose of protecting such safety; 

(ii) not used to recontact the child or for any other purpose; and 
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(iii) not disclosed on the site, 

if the operator uses reasonable efforts to provide a parent notice of the name and online contact 
information collected from the child, the purposes for which it is to be used, and an opportunity 
for the parent to request that the operator make no further use of the information and that it not 
be maintained in retrievable form; or 

(E) the collection, use, or dissemination of such information by the operator of such a website or 
online service necessary— 

(i) to protect the security or integrity of its website; 

(ii) to take precautions against liability; 

(iii) to respond to judicial process; or 

(iv) to the extent permitted under other provisions of law, to provide information to law 
enforcement agencies or for an investigation on a matter related to public safety* 

(3) Termination of service: The regulations shall permit the operator of a website or an online 
service to terminate service provided to a child whose parent has refused, under the regulations 
prescribed under paragraph (l)(B)(ii), to permit the operator's further use or maintenance in 
retrievable form, or future online collection, of personal information from that child. 

(c) Enforcement: Subject to sections 1304 and 1306, a violation of a regulation prescribed under 
subsection (a) shall be treated as a violation of a rule defining an unfair or deceptive act or 
practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 
57a(aXlXB)). 

(d) Inconsistent State Law: No State or local government may impose any liability for 
commercial activities or actions by operators in interstate or foreign commerce in connection 
with an activity or action described in this title that is inconsistent with the treatment of those 
activities or actions under this section. 

[Page: HI 1241] 

SEC. 1304. SAFE HARBORS. 

(a) Guidelines: An operator may satisfy the requirements of regulations issued under section 
1303(b) by following a set of self-regulatory guidelines, issued by representatives of the 
marketing or online industries, or by other persons, approved under subsection (b). 

(b) Incentives: 

(1) Self-regulatory incentives: In prescribing regulations under section 1 303, the Commission 
shall provide incentives for self-regulation by operators to implement the protections afforded 
children under the regulatory requirements described in subsection (b) of that section. 
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(2) Deemed compliance: Such incentives shall include provisions for ensuring that a person will 
be deemed to be in compliance with the requirements of the regulations under section 1303 if 
that person complies with guidelines that, after notice and comment, are approved by the 
Commission upon making a determination that the guidelines meet the requirements of the 
regulations issued under section 1303. 

(3) Expedited response to requests: The Commission shall act upon requests for safe harbor 
treatment within 180 days of the filing of the request, and shall set forth in writing its conclusions 
with regard to such requests. 

(c) Appeals: Final action by the Commission on a request for approval of guidelines, or the 
failure to act 

within 180 days on a request for approval of guidelines, submitted under subsection (b) may be 
appealed to a district court of the United States of appropriate jurisdiction as provided for in 
section 706 of tide 5, United States Code. 

SEC. 1305. ACTIONS BY STATES. 

(a) In General: 

(1) Civil actions: In any case in which the attorney general of a State has reason to believe that 
an interest of the residents of that State has been or is threatened or adversely affected by the 
engagement of any person in a practice that violates any regulation of the Commission prescribed 
under section 1303(b), the State, as parens patriae, may bring a civil action on behalf of the 
residents of the State in a district court of the United States of appropriate jurisdiction to- 

(A) enjoin that practice; 

(B) enforce compliance with the regulation; 

(C) obtain damage, restitution, or other compensation on behalf of residents of the State; or 

(D) obtain such other relief as the court may consider to be appropriate. 

(2) Notice: 

(A) In general: Before filing an action under paragraph (1), the attorney general of the State 
involved shall provide to the Commission- 

(i) written notice of that action; and 

(ii) a copy of the complaint for that action. 



13 



102138-100 



(B) Exemption: 

(i) In general: Subparagraph (A) shall not apply with respect to the filing of an action by an 
attorney general of a State under this subsection, if the attorney general determines that it is not 
feasible to provide the notice described in that subparagraph before the filing of the action. 

(ii) Notification: In an action described in clause (i), the attorney general of a State shall provide 
notice and a copy of the complaint to the Commission at the same time as the attorney general 
files the action. 

(b) Intervention: 

(1) In general: On receiving notice under subsection (a)(2), the Commission shall have the right 
to intervene in the action that is the subject of the notice. 

(2) Effect of intervention: If the Commission intervenes in an action under subsection (a), it 
shall have the right— 

(A) to be heard with respect to any matter that arises in that action; and 

(B) to file a petition for appeal. 

(3) Amicus curiae: Upon application to the court, a person whose self-regulatory guidelines 
have been approved by the Commission and are relied upon as a defense by any defendant to a 
proceeding under this section may file amicus curiae in that proceeding. 

(c) Construction: For purposes of bringing any civil action under subsection (a), nothing in this 
title shall be construed to prevent an attorney general of a State from exercising the powers 
conferred on the attorney general by the laws of that State to- 

(1) conduct investigations; 

(2) administer oaths or affirmations; or 

(3) compel the attendance of witnesses or the production of documentary and other Evidence. 

(d) Actions by the Commission: In any case in which an action is instituted by or on behalf of 
the Commission for violation of any regulation prescribed under section 1303, no State may, 
during the pendency of that action, institute an action under subsection (a) against any defendant 
named in the complaint in that action for violation of that regulation. 

(e) Venue; Service of Process: 
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(1) Venue: Any action brought under subsection (a) may be brought in the district court of the 
United States that meets applicable requirements relating to venue under section 1391 of title 28, 
United States Code. 

(2) Service of process: In an action brought under subsection (a), process may be served in any 
district in which the defendant- 

(A) is an inhabitant; or 

(B) may be found* 

SEC. 1306. ADMINISTRATION AND APPLICABILITY OF ACT. 

(a) In General: Except as otherwise provided, this title shall be enforced by the Commission 
under the Federal Trade Commission Act (15 U.S.C. 41 et seq.). 

(b) Provisions: Compliance with the requirements imposed under this title shall be enforced 
under- 

(1) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), in the case of— 

(A) national banks, and Federal branches and Federal agencies of foreign banks, by the Office of 
the Comptroller of the Currency; 

(B) member banks of the Federal Reserve System (other than national banks), branches and 
agencies of foreign banks (other than Federal branches, Federal agencies, and insured State 
branches of foreign banks), commercial lending companies owned or controlled by foreign 
banks, and organizations operating under section 25 or 25(a) of the Federal Reserve Act (12 
U.S.C. 601 et seq. and 61 1 et seq.), by the Board; and 

(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the 
Federal Reserve System) and insured State branches of foreign banks, by the Board of Directors 
of the Federal Deposit Insurance Corporation; 

(2) section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), by the Director of the Office 
of Thrift Supervision, in the case of a savings association the deposits of which are insured by the 
Federal Deposit Insurance Corporation; 

(3) the Federal Credit Union Act (12 U.S.C 175 1 et seq.) by the National Credit Union 
Administration Board with respect to any Federal credit union; 

(4) part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation with 
respect to any air carrier or foreign air carrier subject to that part; 
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(5) the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 
406 of that Act (7 U.S.C. 226, 227)), by the Secretary of Agriculture with respect to any activities 
subject to that Act; and 

(6) the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration with 
respect to any Federal land bank, Federal land bank association, Federal inteimediate credit bank, 
or production credit association. 

(c) Exercise of Certain Powers: For the purpose of the exercise by any agency referred to in 
subsection (a) of its powers under any Act referred to in that subsection, a violation of any 
requirement imposed under this title shall be deemed to be a violation of a requirement imposed 
under that Act In addition to its powers under any provision of law specifically referred to in 
subsection (a), each of the agencies referred to in that subsection may exercise, for the purpose of 
enforcing compliance with any requirement imposed under this title, any other authority 
conferred on it by law. 

(d) Actions by the Commission: The Commission shall prevent any person from violating a rule 
of the Commission under section 1303 in the same manner, by the same means, and with the 
same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal 
Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this tide. 
Any entity that violates such rule shall be subject to the penalties and entitled to the privileges 
and immunities provided in the Federal Trade Commission Act in the same manner, by the same 
means, and with the same jurisdiction, power, and dudes as though all applicable terms and 
provisions of the Federal Trade Commission Act were incorporated into and made a part of this 
title. 

(e) Effect on Other Laws: Nothing contained in the Act shall be construed to limit the authority 
of the Commission under any other provisions of law. 



[Page: H11242] 

SEC. 1307. REVIEW. 

Not later than 5 years after the effective date of the regulations initially issued under section 
1303, the Commission shall- 

(1) review the implementation of this title, including the effect of the implementation of this tide 
on practices relating to the collection and disclosure of information relating to children, children's 
ability to obtain access to information of their choice online, and on the availability of websites 
directed to children; and 

(2) prepare and submit to Congress a report on the results of the review under paragraph (1). 
SEC 1308. EFFECTIVE DATE. 

Sections 1303(a), 1305, and 1306 of this title take effect on the later of- 
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(1 ) the date that is 1 8 months after the date of enactment of this Act; or 

(2) the date on which the Commission rules on the first application filed for safe harbor treatment 
under section 1 304 if the Commission does not rule on the first such application within one year 
after the date of enactment of this Act, but in no case later than the date that is 30 months after 
the date of enactment of this Act 
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Child Tracker Demo 



Here are examples of ChildTracker.net's parental permission slip 
process, using the fictional site, "MyToys.com". 

1 ) "Registration" - This demonstrates the process for 
collecting children's information that will not be shared 
with outside parties. 

Click here to register at MvToys.com 

Click here to view the "registration" list 

2) "Verification" - This demonstrates the process for 
collecting children's information that will be shared with 
outside parties or posted. 

Click here to register at MyToys.com for a shared list 

Click here to view the "verified" list 
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MyToys.comPermission Request 

Hey Kids! In order to register for the Toys Club you have to get your parent's 
OK. Just fill out the form below and click the "Go" button and we'll send them 
a permission slip. 

Your Email: | 
Your Parents Email: ) ! 
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Thanks 

We just sent an e-mail to your parents to let them know you want to 
register with MyToys.com. 

As soon as they fill out the permission slip, we'll e-mail you to let you 
know that you can register. 

Remind your parents to check their e-mail for a note from us. See you 
back soon! 
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Main Identity 



From: <ChildTracker@followup.net> 

To : <amack @ f ollowup. n et> 

Sent: Tuesday, June 1 3, 2000 3: 1 4 PM 

Subject: A Permission Request from Your Child 

Dear Parent, 



Your child, amack @ fol lowup.net would like to register with MyToys.com. Because your child is 
under the age of 13, we are required to receive your permission before they give us any information. 

Please read our information use policy below and then click on the link at the bottom of the page to 
grant or deny, your permission for your child to register with us. 

MyToys.com Privacy Statement: 



^5 htt p://www.childtracker.net/ctprivacy.html 

P To complete the permission slip, please click here: 

jt£ http://www.chi ldtracker.net/Penm^ 

If you cannot click on the link above, copy it and paste it into the address line of your Internet 
IS browser. 

[Z This "permission slip" service is provided to MyToys.com by ChildTracker.net. ChildTracker.net is a 

trusted agent and does use, share or distribute any information provided to the MyToys.com for any 
J f reason whatsoever. 
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Parent Permission Slip 

Please fill out this form and we will e-mail your child when we receive 
your response. Please review your e-mail if you have any questions. 



Parents First Name: £ 



Parent's Last Name: £ 



Relationship To Child: [father fi 
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Thank you for filling out this permission slip. 

We will e-mail your child to let him or her know that 

you have responded. 
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Main Identity 



From: <ChildTracker@followup.net> 

To: <amack @ f ollowup. net> 

Sent: Tuesday, June 1 3, 2000 3:36 PM 

Subject: Child Tracker Permission 

Hi amack@foIlowup.net: 

We've received your parent's permission for you to register at MyToys.com. You can now go to our 
site and sign-up. 

To sign-up click, h ttp://w ww .chi ldtracker.net/subscri be . html 

Thanks! 
MyToys.com 
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Vendor's Registration Page 



http://www.childtracker.net/subscribe.html 
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Report for Toys Club 



Child Email 


Parent Email 


Parent 
First 
Name 


Parent 
Last 
Name 


Response 


Response 
Date 


amack@followup.net 


amack@followup.net 


alan 


mack 


Yes 


06/13/2000 
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Moving from Opt-Out to Opt-In 

Permission-based Customer Information Exchange 



An Open-Source Opt-In Framework - The key to this process is the tt opt-irf to the customer's 
permission to use personal information. PCIX provides a responsible framework for sharing 
personal information and is flexible enough to accommodate the needs of different industries and 
the evolution of the marketplace. It is "open source," not a formal standard that requires industry- 
wide agreement on code or definitions. But it does provide the consumer with a standard format 
for reviewing their information across different sites. Hence it works for everyone. 

As an "open-source framework," strict adoption of specific sub-categories is not required for PCIX 
vendors to exchange information. Separate vendors may hold the same information in different 
subcategories and can easily map them to communicate over a single system. 

PCIX Service Providers - PCIX allows for an environment of multiple, efficient data repositories 
where information can be managed and controlled by customers and accessed by vendors. 
Various third party, information support businesses can provide avenues for communication 
within the PCIX environment. Some will provide anonymity services; others will act as financial 
infomediaries. Still others will focus on permission-based information. If they operate openly, they 
all operate as PCIX services. 



PCIX 




PCIX - Using the Power of Technology to Manage the impact of Technology. 

Everyone wants to benefit from power of the Internet, but not at the expense of privacy. Different 
people have different ideas about how their information should be used by companies. Some 
people don't want their information to be used for any purpose other than basic service needs. 
Others will trade personal information for the chance to get sites targeted to their specific 
interests. The PCIX framework is flexible enough to accommodate a wide range of needs from 
both consumers and businesses. 



Elizabeth Knudsen EKnudsen@PermissionTracker.net 203 226-5853 ext. 40 
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PCIX.org Permission-based Customer Information exchange 



Creating the Market for Information in an Opt-In world 

PCIX.org is a coalition established to offer a meaningful market solution to the issue of 
privacy and personal information on the Internet. 

The PCIX Program 

PCIX is about creating a new category of businesses focused on third-party information 
management, and enabling the broad adoption of their services. Consumers can choose a 
service that fits their preferred style of information management. These services can act as 
privacy tools for consumers, and a responsible means for vendors to reach customers. 

The Meta-Directory - We are proposing a PCIX meta-directory that will allow different entities to 
map their information to all vendors. Vendors will only needs to sign up with the directory to 
access all third party services. This will enable infomediaries and privacy services, and vendors 
to focus on serving customers. 

Types of PCIX Services 

Anonymous Services 
Infomediaries 
Privacy Guards 
E-Wallets 



The Framework - The PCIX open source framework organizes information into broad categories 
that different vendors can map information to without altering internal database structures. The 
PCIX meta-directory would do the mapping creating a single point of contact for web vendors. It is 
"open source," not a formal standard requiring industry-wide agreement on code or definitions. 

1 . Permission and Privacy Level Opt- 
■sgspi Well site in/out, track subscriptions, track children 

f^gy^ : vendors 2. Descriptive Information Sex, age 

^ \ 3. Preference Information Hobbies, 

interests, color, airline seat 

4. Contact Information Address 
telephone number, delivery instructions 

5. Account and Historical Information 
Financial, medical information, etc. 




PCIX as a Tool - The service would act as a pass through, and not retain the customer 
information transferred on behalf of the third-party services. The services would be tools for 
consumers to manage their personal information across websites. 

The Association - PCIX.org was established to facilitate the adoption of a meaningful market 
approach to the issue of Internet privacy. By presenting an organized voice on the issues that 
impact information exchange and privacy PCIX.org will ensure the smooth implementation of this 
market that will serve the needs of both vendors and consumers. 

Elizabeth Knudsen EKnudsen@PCIX.org 203 226-5853 ext. 40 
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POX 



Moving from Opt-Out to Opt-In 

Permission-based Customer Information Exchange 

PCIX is the framework that can move the world from "opt-out" to "opt-in." PCIX allows consumers 
to share personal information in order to receive the best service, while protecting their privacy. 
At the same time, PCIX gives businesses a useable framework in which to responsibly 
communicate with customers and manage information efficiently. 




Website 
vendors 



PCDC 

Model 





1. Permission and Privacy Level 

2. Contact Information 

3. Descriptive Information 

4. Preference Information 

5. Account Information 



♦ Manage and edit permission levels granted 
to individual vendors, 

♦ Track subscriptions to e-mail newsletters 
and notifications. 

♦ Enter and edit personal profile information. 

♦ Record and update instructions for 
delivering packages to any location. 

♦ Control and monitor the e-mail messages 
sent to children, and give permission. 



The Information Framework - PCIX categorizes personal information into 6 basic levels: 

1. Permission and Privacy Level - Opt-in, Opt out, track subscriptions, monitor children, etc. 

2. Contact Information - Address telephone number, delivery instructions, etc. 

3. Descriptive Information - Sex, age, clothing size, etc. 

4. Preference Information - Hobbies, interests, clothing styles, color, airline seat, etc. 

5. Account and Historical Information - Financial, medical information, etc. 

The Agreement - PCIX rests on the principal that information is best used only for explicit 
purposes and only with the active permission of the customer. PCIX is based on the 
Responsible Use of Personal Information (RUPI); a commitment to not sell, share or combine 
information with third parties. 

How It Works - With PCIX, companies commit to the RUPI principals and post a button on their 
site. Consumers can go to a site and freely surf and enter information, knowing the site is safe. 
When they give information to the site, it will be recorded for the site and for the consumer at their 
PCIX provider. The consumer can then manage and edit the information and subscriptions from 
their account at their PCIX provider site. When they make changes at the site, the provider will 
communicate them to the company site for the consumer. 



Elizabeth Knudsen EKnudsen@PermissionTracker.net 203 226-5853 ext. 40 
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Abstracts 



1 . PCIX Service Network 

An information brokerage system 

Method and System for retrieving, exchanging and aggregating personally 
identifying information across the Internet between vendors, customers, and third 
parly databases via an encrypted customer-controlled directory service. 

2. AuthorizationTrakker.com 

A Method and Process for using a "Slave Server" system for creating and 
managing a separate authorization party account for a customer. 

Method and system for electronically employing a third party service for the 
retrieval of a parent's permission 

3. RegistrationTrakker.com 

Method and system for creating and maintaining a user account employing a 
Primary Server and an independent, third party Slave Server. 

4. EditTrakker.com 

Method and system for employing two distinct servers for account maintenance. 

Desirable to provide information access and editing capability independently of 
the vendors' database network 

Desirable to provide a support mechanism for vendor registration 

5. NoticeTrakker.com 

Method and system for employing a slave server system for alerting customers to 
changes in their account information. The slave system provides information 
access to customer information used by the vendor without risking access to the 
vendors databases. 

6. PermissionTrakker.com 

A method and system for obtaining customer permission for the use of personally 
identifiable information by a third party. 

7. ChoiceTrakker.com 
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A method and system for allowing customer control over the use of personally 
identifiable information by a third party. 



8- SecurityTrakker.com 

A method and system for allowing customer control and notice of the security 
methods employed by companies holding personally identifiable information 
about a customer. 

9. PrivacvTrakker.com 

A method and system for allowing customer control and notice of the privacy 
policies employed by companies holding personally identifiable information about 
a customer. 



"Pieces" or "Objects" in the Process 

1. Vendor 

2. Customer 

3. Primary server (Vendor's Server) 

4. Third Party or "Slave" Server (i.e. CT server function) 

5. Account Party 

6. Authorizing Individual (Parent in CT) 

7. PCIX Service Provider (Third Party Information Database Server) 

8. PCIX Network (Network Directory Server) 



Steps within a Claim 

A method and system employing two separate server systems for creating and 
maintaining account information 

Vendor server receives permission notification from a slave server ^ 

PCIX Network (Network Directory Server) receives request for information 

Method and process for an independent PCIX Network (Network Directory 
Server) to map vendor, client, 3 rd party relationships and then perform the data 
integration and communication. 



This Information is Proprietary and Confidential 
Folio wUp.Net LLC 06/1 4/00 



2 



PCIX - Oriented Business Patent Notes 



102138-1 



PCIX Network Claim (?) 

1 . Customer visits web site 

2. Vendor recognizes (cookie?, log-in?, how?) customer as having info stored 
with a PCIX Service Provider 

3. Vendor requests customer information 

4. PCIX Network (NDS) locates appropriate third party database server 

5. Third party database server transfers information to PCIX Network 

6. PCIX Network transforms data into appropriate format 

7. PCIX Network displays vendor request and PCIX Service Provider 
information back to customer (client software) for authorization to transmit to 
vendor 

8. Customer OK' s the PCIX Network to transmit information to client 

9. PCIX Network transmits information to Vendor's Primary Server (through 
proprietary, pciXML format?) 



AuthorizationTrakker - (Parent) Authorization Process Claim (?) 

The use of a third party to perform the authorization process 

1 . Customer (Child) wishes to register or sign-up at a Vendor's Web site 

2. Upon attempted registration, Vendor's Primary Server contacts third-party 
Slave Server 

3. Transfers information to independent Slave Server 

4. Slave Server creates account for authorizing individual 

5. Salve Server contacts authorizing individual 

6. Authorizing individual grants or denies authorization, and perhaps puts in 
additional information 

7. Slave Server notifies the Customer of outcome (through e-mail, cell phone, 
pager, et al) 

8. Slave Server directs the customer back to Primary Server 

9. Or - Web site transfers information to Primary Server 



Web site receives customer information from a third party database server 

Shares Client information " 

Displays client information 

Primary server takes over process 
Identifier communicated 

Customer can access Slave Server or PCIX Network to maintain the account on 
Primary Server or PCIX Service Provider 
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Slave server verifies account holder information with third party 
Communicates between parties 

• Provides Access 

• Enables Choice 

• Provides Notification 

• Provides Information Security 

• Records activity 

Remote editing 
A display component 
A self-ID component 
Combining infrastructure 

What are alternate processes & models? 

• Single server registration 

• Direct access to Vendor's servers 

• Stand-alone servers 
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Simplicity in function is a critical element, as FollowUp.Net applications are the antithese ofbloatware: 
fast, focused and effective. 



Market Research: 

• Elegant Survey Creation Process 

• Clean Survey Presentation 

• Simple, Logical Navigation with the Control Panel 

• Numerous Question Types 

• Real Time Reporting 

• Powerful Analysis with Eight Different Reporting Mechanisms 

• Reminder Notification for Non-Respondents 

• Survey Recipient Targeting with Profile fields 
3 • New Recipient Targeting 

| • Target Messaging for Respondents 

5 • Duplication of Surveys for Re-Sending or Modification 

| • Customize-able Options to Personalize Surveys and Messages 

Customer Profiling: 

3 • User-Defined Customer Group Labels 

0 • Unlimited Custom Profile Fields 

J • Profile Creation Straight from Surveys 

3 • Profile Customers Across All Surveys 

Direct Marketing: 

• Newsletters and Promotions 

• Customer Loyalty Programs 

• Target Messaging Using Profiles 

• Target Messaging of Respondents to Specific Answers 

• Several Customize-able Options Using Personalize your Messages 




For more infomation, contact: 
(203) 226-5853x118 
sales@followup.net 



C 200G FollcwUp.Net revision 020800. 



ProfileTrakker 



102138-100 



Bring eCustomer development to a new level and fulfill the promises of database 
and one-to-one marketing. ProfileTrakker lets e-commerce merchants get the 
most out of their customers - and customer acquisition costs - by providing a 
series of profiling and relationship building tools that are powerful, easy to use, 
and cost effective. 

ProfileTrakker creates and manages: 

• Customer Profiles 

• Target Marketing 

• Market Research 

• Permission Marketing 

• Brand Development 

• Promotions 

• Newsletters 

i A Complete Program 

g Used across all customers for the length of the relationship 

ifl Develop customer from visitor to buyer to loyal customer 

! * Actively reach out to customers with promotions, buyers clubs, newsletters, etc. 

r S Profile data collected from multiple points 

U : Runs from a centralized "control panel" 

j j Comprehensive, real time reporting 

;JJ Complete Profiles 

S Behavioral 
Attitudinal 
Demographic 

Easy to Use and Implement 
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IN THE CLAIMS 

We Claim: 

1. A method for a requester to gain access to desired 
location requiring the permission of an authority, 
comprising the steps of: 

providing a host to receive a request for access from 
said requester and to transmit said request to said 
authority; 

said host receiving a response from said authority; 

and 

dependent on said response, said host either providing 
said requester with access to said desired location or 
denying said requester access to said desired location. 

2. The method of claim 1 wherein said host is a computer 
server interconnected to said requester and to said 
authority. 

3. The method of claim 2 wherein said desired location is 
a data base accessible by a uniform resource listing (URL) . 

4. The method of claim 3 wherein said host is 
interconnected to said requester and to said authority by 
an integrated network of computers. 

5. The method of claim 4 wherein said integrated network 
of computers is an Internet. 

6. The method of claim 4 wherein said access is in the 
form of a password. 

7. The method of claim 4 wherein said access is in the 
form of a URL portal to said desired location. 

8. The method of claim 4 wherein said requester is a* 
child under the age of 18 and said authority is a parent or 
legal guardian of said child. 

9. The method of claim 8 wherein said child is under the 
age of 13. 

10. The method of claim 8 wherein said host further 
provides said authority with a list of desired locations 
accessed by said requester. 
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11. The method of claim 10 wherein said authority has the 
capability via said host of denying said requester with 
further access to one or more of said desired locations on 
said list of desired locations. 

12. The method of claim 8 wherein responsive to said 
request for access, said host obtains said requester's age 
and if said age is less than 13, said host obtains an 
identity of said authority from said requester and then 
notifies said authority of said request for access, wherein 
responsive to a response from said authority, said host 
either grants or denies said requester said desired access. 

13. The method of claim 12 wherein said step of notifying 
said authority includes one or more of a name of said 
desired location, information collected about said 
requester by said desired location, a privacy statement of 
said desired location, whether information collected by 
said desired location is shared with others and credit card 
validation information. 

14. A method for a host to provide known data about an 
entity to a third party pursuant to said entity's 
authorization, comprising the steps of: 

providing a means for said third party to recognize 
said entity as a member of a service of said host; 

responsive to said recognition, said host receiving a 
request from said third party for specific information 
about said entity; 

said host surveying at least one data repository for 
said specific information about said entity; 

said host displaying said specific information about 
said entity to said entity and requesting authorization 
from said entity to provide at least a portion of said 
specific information to said third party; and 

responsive to an opting in of said entity, said host 
providing at least a portion of said specific information 
to said third party. 

15. The method of claim 14 wherein said host, said entity 
and said third party are interconnected via an integrated 
network of computers. 

16. The method of claim 15 wherein said third party is 
provided with an indication that said entity is a member of 
said service of said host via digitally transmitted data. 
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17* The method of claim 16 wherein said digitally 
transmitted data is a cookie embedded with in said entity's 
computer's memory. 

18. The method of claim 16 wherein said specific 
information is located on a plurality on non-related data 
bases . 

19. The method of claim 18 wherein not one of said non- 
related data bases contains all of said specific 
information. 

20. The method of claim 18 wherein said host further 
classifies said specific information into a plurality of 
categories and said entity may opt to provide information 
classified within one or more of said plurality of 
categories . 

21. The method of claim 20 wherein said categories are 
selected from the group including permission and privacy 
information, contact information, descriptive information, 
preference information and account information. 

22. The method of claim 21 wherein said host further 
provides services selected from the group consisting of 
managing and editing permission levels , tracks 
subscriptions to email letters and notifications, enters 
and edits personal profile information, records and up- 
dates delivery information and controls and monitors email 
and access provided to children. 

23. The method of claim 14 wherein said third party 
conforms to conditions of said host prior to being granted 
access to any of said specific information. 

24. The method of claim 23 wherein said conditions of ^aid 
host include responsible use of personal information. 
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Abstract of the Disclosure 

There is provided a method for a requester to gain access 
to desired location, for example an Internet portal, that 
requires the permission of an authority. A host receives a 
request for access from the requester and transmits the 
request to the authority. Pursuant to the authority's 
response, the host either provides or denies the requester 
with access. In one embodiment, the requester is a child 
and the authority is a parent or legal guardian. In 
another embodiment, access is granted by providing the 
requester with a password, URL or other access to the 
Internet portal. 
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